remi/GarminHomeAssistant
1
0
Fork 0
mirror of https://github.com/house-of-abbey/GarminHomeAssistant.git synced 2026-03-12 23:06:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fdf73563a32c2e9be004b38f54b6cd42c6c7eb27
GarminHomeAssistant/HTTP_Headers.md
Philip Abbey fdf73563a3 Update HTTP_Headers.md
2026-02-28 19:56:18 +00:00

3.2 KiB
Raw Blame History

Home | Switches | Actions | Templates | Numeric | Glance | Background Service | Wi-Fi | HTTP Headers | Trouble Shooting | Version History

User Specified Custom HTTP Headers

Principally for those who use HomeAssistant add-on Cloudflared in order to provide additional security via Cloudflare's Web Application Firewall (WAF). But Garmin does not support certificates in requests. And the solution is generic enough for other use cases.

Please let us know if this solution is found to be useful for other situations.

Setup

The settings contain two options for users to specify both the HTTP header name and the value as two free form strings.

If you don't know why you need these, leave them empty and ignore.

Cloudflare WAF rule example

(any(http.request.headers["your-header-name"][*] eq "your-header-key"))

Make the key strong enough!

Cloudflare Access

Cloudflare Access is an authentication mechanism Cloudflare presents to HTTP requests before allowing access to the resources behind the requested URL. As a brief and incomplete guide, if you protect your HomeAssistant instance with their Zero Trust Suite then under Access Controls you can create a service token. Note down the Client-Id and a Client-Secret which can be used as HTTP headers (e.g. cf-access-client-id and cf-access-client-secret respectively). Both of these HTTP headers must be presented by the GarminHomeAssistant application for API calls to reach your HomeAssistant instance hosted by Cloudflare, hence the pair of settings for HTTP Headers shown above. To secure a specific domain in Cloudflare you will need to add a Self-hosted application and create a new Access policy with the Selector set to Service Token (the newly create token name), and the Action set to Service Auth (not Allow).

Please note that the GarminHomeAssistant settings do not attempt to hide your password value with '*' characters, it should be private enough on your personal phone Connect IQ app.

Support

None!

The authors of the Garmin HomeAssistant application do not use, and hence do not know, the Cloudflared add-on. While we have enabled the HTTP headers to support using this add-on, it does mean you support yourself. Please do not raise issues about this functionality unless you are supplying the answers for any required changes too!

Credits

With thanks to Lars Pöpperl (@tispokes) for contributing to this solution.

References

Reference in New Issue View Git Blame Copy Permalink